package com.mjt.admin.filter;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.mjt.admin.model.CaptchaImageModel;
import com.mjt.admin.model.RespBean;
import com.mjt.admin.utils.StringUtil;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.ServletRequestBindingException;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Objects;

/**验证码过滤器
 * @author shkstart
 * @create 2021-10-28 10:20
 */
@Component
public class CaptchaCodeFilter extends OncePerRequestFilter {

    private static ObjectMapper objectMapper = new ObjectMapper();


    /**
     * @description
     * @author 莫某人
     * @date 10:23 2021/10/28
     * @param request
     * @param response
     * @param filterChain
     * @return {@link }
     **/
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        //只有在登陆请求时才有验证码过滤操作
        if (StringUtils.equals("/login",request.getRequestURI())){
            //验证登录验证码是否正确
            try {
                this.validate(new ServletWebRequest(request));
            }catch (AuthenticationException e){

                response.setContentType("application/json;charset=UTF-8");
                response.getWriter().write(objectMapper.writeValueAsString(
                        RespBean.error(e.getMessage())));
                return;
            }

        }

        filterChain.doFilter(request,response);
    }

    private void validate(ServletWebRequest servletWebRequest) throws ServletRequestBindingException {
        HttpSession session = servletWebRequest.getRequest().getSession();
        //获取请求中参数值
        String captchaCode = ServletRequestUtils.getStringParameter(servletWebRequest.getRequest(), "captchaCode");

        if (StringUtils.isEmpty(captchaCode)){
            throw new SessionAuthenticationException("验证码不能为空");
        }
        CaptchaImageModel captchaImageModel = (CaptchaImageModel) session.getAttribute("captcha_key");

        if (Objects.isNull(captchaImageModel)){
            throw new SessionAuthenticationException("验证码不存在");
        }
        if (captchaImageModel.isExpired()){
            throw new SessionAuthenticationException("验证码已过期");
        }
        if (!StringUtils.equals(captchaCode,captchaImageModel.getCode())){
            throw new SessionAuthenticationException("验证码错误");
        }



    }
}
